WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Security: Clean up user inputs before using. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1727 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
emc3 2004-10-02 00:46:30 +00:00
parent d5c9465fa9
commit 8fca0cb926
2 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
wp-admin/upload.php
View File

@ -80,15 +80,15 @@ case 'upload':
<?php //Makes sure they choose a file
//print_r($HTTP_POST_FILES);
//print_r($_FILES);
//die();
$imgalt = (isset($_POST['imgalt'])) ? $_POST['imgalt'] : $imgalt;
$imgalt = basename( (isset($_POST['imgalt'])) ? $_POST['imgalt'] : '' );
$img1_name = (strlen($imgalt)) ? $_POST['imgalt'] : $HTTP_POST_FILES['img1']['name'];
$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $HTTP_POST_FILES['img1']['type'];
$imgdesc = str_replace('"', '&amp;quot;', $_POST['imgdesc']);
$img1_name = (strlen($imgalt)) ? $imgalt : basename( $_FILES['img1']['name'] );
$img1_type = (strlen($imgalt)) ? $_POST['img1_type'] : $_FILES['img1']['type'];
$imgdesc = htmlentities2($imgdesc);
$imgtype = explode(".",$img1_name);
$imgtype = strtolower($imgtype[count($imgtype)-1]);
@ -99,10 +99,10 @@ case 'upload':
if (strlen($imgalt)) {
$pathtofile = get_settings('fileupload_realpath')."/".$imgalt;
$img1 = $_POST['img1'];
$img1 = $_POST['img1']['tmp_name'];
} else {
$pathtofile = get_settings('fileupload_realpath')."/".$img1_name;
$img1 = $HTTP_POST_FILES['img1']['tmp_name'];
$img1 = $_FILES['img1']['tmp_name'];
}
// makes sure not to upload duplicates, rename duplicates
@ -191,7 +191,7 @@ die();
$max_side = 400;
}
elseif($_POST['thumbsize'] == 'custom') {
$max_side = $_POST['imgthumbsizecustom'];
$max_side = intval($_POST['imgthumbsizecustom']);
}
$result = wp_create_thumbnail($pathtofile, $max_side, NULL);

8
wp-includes/functions.php
View File

@ -1716,4 +1716,12 @@ function get_template_directory() {
return $template;
}
// Borrowed from the PHP Manual user notes. Convert entities, while
// preserving already-encoded entities:
function htmlentities2($myHTML) {
$translation_table=get_html_translation_table (HTML_ENTITIES,ENT_QUOTES);
$translation_table[chr(38)] = '&';
return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&amp;" , strtr($myHTML, $translation_table));
}
?>